fix for possible buffer overflow in gpu_nodes_get_vertex_attributes() and hair_velocity_smoothing()
and a unlikely NULL pointer dereference in unlink_material_cb().
This commit is contained in:
@@ -1513,7 +1513,7 @@ static void hair_velocity_smoothing(ClothModifierData *clmd, lfVector *lF, lfVec
|
||||
i = HAIR_GRID_INDEX(lX[v], gmin, gmax, 0);
|
||||
j = HAIR_GRID_INDEX(lX[v], gmin, gmax, 1);
|
||||
k = HAIR_GRID_INDEX(lX[v], gmin, gmax, 2);
|
||||
if (i < 0 || j < 0 || k < 0 || i > 10 || j >= 10 || k >= 10)
|
||||
if (i < 0 || j < 0 || k < 0 || i > 10 || j > 10 || k > 10)
|
||||
continue;
|
||||
|
||||
lF[v][0] += smoothfac * (grid[i][j][k].velocity[0] - lV[v][0]);
|
||||
|
||||
@@ -1319,12 +1319,16 @@ static void addtovertices(VERTICES *vertices, VERTEX v)
|
||||
|
||||
static void vnormal(const float point[3], PROCESS *p, float r_no[3])
|
||||
{
|
||||
float delta = 0.2f * p->delta;
|
||||
float f = p->function(point[0], point[1], point[2]);
|
||||
const float delta = 0.2f * p->delta;
|
||||
const float f = p->function(point[0], point[1], point[2]);
|
||||
|
||||
r_no[0] = p->function(point[0] + delta, point[1], point[2]) - f;
|
||||
r_no[1] = p->function(point[0], point[1] + delta, point[2]) - f;
|
||||
r_no[2] = p->function(point[0], point[1], point[2] + delta) - f;
|
||||
|
||||
#if 1
|
||||
normalize_v3(r_no);
|
||||
#else
|
||||
f = normalize_v3(r_no);
|
||||
|
||||
if (0) {
|
||||
@@ -1343,6 +1347,7 @@ static void vnormal(const float point[3], PROCESS *p, float r_no[3])
|
||||
normalize_v3(r_no);
|
||||
}
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -167,7 +167,7 @@ static void draw_modifier__generator(uiLayout *layout, ID *id, FModifier *fcm, s
|
||||
uiDefBut(block, LABEL, 1, "y =", 0, 0, 40, 20, NULL, 0.0, 0.0, 0, 0, "");
|
||||
|
||||
/* coefficient */
|
||||
uiDefButF(block, NUM, B_FMODIFIER_REDRAW, "", 0, 0, bwidth/2, 20, cp, -UI_FLT_MAX, UI_FLT_MAX,
|
||||
uiDefButF(block, NUM, B_FMODIFIER_REDRAW, "", 0, 0, bwidth / 2, 20, cp, -UI_FLT_MAX, UI_FLT_MAX,
|
||||
10, 3, TIP_("Coefficient for polynomial"));
|
||||
|
||||
/* 'x' param (and '+' if necessary) */
|
||||
|
||||
@@ -158,13 +158,18 @@ static void unlink_material_cb(bContext *UNUSED(C), Scene *UNUSED(scene), TreeEl
|
||||
totcol = mb->totcol;
|
||||
matar = mb->mat;
|
||||
}
|
||||
else {
|
||||
BLI_assert(0);
|
||||
}
|
||||
|
||||
if (LIKELY(matar != NULL)) {
|
||||
for (a = 0; a < totcol; a++) {
|
||||
if (a == te->index && matar[a]) {
|
||||
matar[a]->id.us--;
|
||||
matar[a] = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void unlink_texture_cb(bContext *UNUSED(C), Scene *UNUSED(scene), TreeElement *te,
|
||||
|
||||
@@ -1046,7 +1046,8 @@ static void gpu_nodes_get_vertex_attributes(ListBase *nodes, GPUVertexAttribs *a
|
||||
}
|
||||
}
|
||||
|
||||
if (a == attribs->totlayer && a < GPU_MAX_ATTRIB) {
|
||||
if (a < GPU_MAX_ATTRIB) {
|
||||
if (a == attribs->totlayer) {
|
||||
input->attribid = attribs->totlayer++;
|
||||
input->attribfirst = 1;
|
||||
|
||||
@@ -1055,11 +1056,13 @@ static void gpu_nodes_get_vertex_attributes(ListBase *nodes, GPUVertexAttribs *a
|
||||
BLI_strncpy(attribs->layer[a].name, input->attribname,
|
||||
sizeof(attribs->layer[a].name));
|
||||
}
|
||||
else
|
||||
else {
|
||||
input->attribid = attribs->layer[a].attribid;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void gpu_nodes_get_builtin_flag(ListBase *nodes, int *builtin)
|
||||
|
||||
@@ -2802,7 +2802,7 @@ void wm_event_add_ghostevent(wmWindowManager *wm, wmWindow *win, int type, int U
|
||||
event.y = evt->y = (win->sizey - 1) - cy;
|
||||
}
|
||||
|
||||
event.val= 0;
|
||||
event.val = 0;
|
||||
|
||||
/* Use prevx/prevy so we can calculate the delta later */
|
||||
event.prevx = event.x - pd->deltaX;
|
||||
|
||||
Reference in New Issue
Block a user